integrated service routers (ISR) which runs on Cisco IOS release ... device (CE), provider edge device (Label Edge Router) and .... (i.e., DSL, Dial, IPsec).
2017 IEEE 3rd International Conference on Electro-Technology for National Development (NIGERCON)
Cloud Based Virtual Private Networks Using IP Tunneling for Remote Site Interfaces 1
2 3 M. N. Ogbu G.N. Onoh K.C. Okafor, 1&2 Dept. of Electrical and Electronic Engineering, Enugu State University of Science and Technology, Enugu, Nigeria. 3 Computer Systems & Software Dev.Dept. of Mechatronics Engineering, Federal University of Technology, Owerri, Nigeria
quality of service (QoS). However, this has not been explored in cloud computing domain. The VPN uses established protocols to safeguard, and encrypt both users and corporate data. Some of such protocols are [2]: IP security (IPsec), Secure Sockets Layer (SSL), Transport Layer Security (TLS), Point-To-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP) and OpenVPN. In general, the two major types of VPNs are the remoteaccess/site VPNs and site-to-site VPNs [3]. The former ensure that VPN software clients are securely connected to access centralized network resources that are housed behind VPN servers while the latter allows creation of dedicated, secure connections between locations across the open Internet/public connection which can be either Intranet-based or extranetbased [2]. The gain of using a secure VPN is that it facilitates moderate level of security to be applied to connected systems when the background network infrastructure cannot provide it. Usually, cost and feasibility makes organizations to adopt this choice. The performance is hindered by the speed of users' internet connections, the types of protocol used by a support Internet service provider (ISP), poor quality of service (QoS) and the VPN encryption type used. Most enterprises till date use VPN connections in either remote-access mode or site-to-site mode to connect their branches. Also, they are used in connecting to their resources in a Public Cloud Infrastructure-as-a-Service (PCIaaS) domain. There are hybrid-access VNP cases where the VPN gateway is placed in the cloud having a protected link from the cloud ISP into their internal network. In high performance networks, layer 2 may not guarantee QoS, rather the layer 3 MPLS-VPN can be used as datacarrying transmission technology that moves data from one network node to the next based on short path label without looking up into the routing table. Fig.1a) 1-depicts the method for storing overlapping addresses, 2-shows the learning of customer site reachability information, 3- illustrates the distributing of customer site reachability across the VPN and VPN membership discovery and 4-describes the tunneling mechanism for security and address separation in the L3VPN.
Abstract— Most enterprise organizations need a robust IP technology that creates a safe and encrypted connection tunnel over the less secure internet. In order to allow remote users and branch offices to securely access corporate applications and other resources, joint location problem (JLP) and link connectivity problems (LCP) need to be assured. This guarantees safety as data travels through secure tunnels. Though IP based VPN has been developed, the full characterization of JLP and LCP for VPN customer edge devices as well as provider edge nodes have not been fully explored. The aim of this paper is to apply advanced perspectives to VPN-IP design which could be applied in cloud computing IP multi-protocol label switching (MPLSVPN) infrastructure. Mathematical formulations are introduced in the system architecture. Riverbed Modeler 17.5 is used to simulate VPN-IP tunneling for a typical enterprise scenario (Non-MPLS aware). Sixteen (16) Ethernet4_Slip8_gatway, i.e., integrated service routers (ISR) which runs on Cisco IOS release 15.4 are employed at both the customer and provide edge. Also, six (6) customer nodes are introduced. Reachability metrics using the Ping command showed the various response times for each site. For IP tunneling, end to end delay, throughput and resource utilization behavior are observed to be moderate for low scale workloads. The challenges of the VPN-IP tunneling are discussed while highlighting the merits of an IP based MPLS-VPN infrastructure. In other to avoid complex problems in VPN-IP tunneling, this work recommends cloud based MPLS-VPN as a viable alternative for optimal performance and service delivery. Keywords— cloud computing; tunneling; routing protocol; optimization problems; internet backbone; service provisioning
I. INTRODUCTION A. Background Study The need for high capacity IP switching backbone has continued to intensify the demand for high bandwidth intensive services in most developing countries like Nigeria. An approximate of 19.2 Tbps submarine cable capacity landed in Lagos, Nigeria from Europe few years ago. Till date, out of this capacity, less than 10% of this total capacity is utilized in Nigeria. However, efforts have been made to fix national optic fiber coverage (NOFC) for service delivery in Nigeria. This has enabled telecommunication operators and Internet Service Providers such as Globacom, MTN, Airtel, Etisalat, Cyberspace, Internet Solutions, etc., to gain advantage via the latest potential of MPLS service [1]. This sets the platform for scalable virtual private networks (VPNs) and end-to-end 30
978-1-5090-6422-9/17/$31.00 ©2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
2017 IEEE 3rd International Conference on Electro-Technology for National Development (NIGERCON)
Fig.1b shows the MPLS-VPN having the customer edge device (CE), provider edge device (Label Edge Router) and the provide core node (Link Switching Router).
their various branches on demand, the network must be devoid of connectivity encumbrances. Unfortunately, the conventional VPN-IP without layered MPLS cannot guarantee Traffic Engineering (TE) and Quality of Service (QoS) in respect of predictable minimum delay, delay variation and loss of packets to the users. With a re-engineered layer 2/3 VPN leveraging traffic engineering (TE) for QoS provisioning, an improved performance would be achieved. B. Research Motivation There are enormous traffic challenges in convectional networks which have compelled telecommunication operators as well as ISPs to deploy layered VPN customers inside MPLS network. But the conventional VPN-IP has several challenges associated with QoS particularly for real-time applications. Using layer-3 MPLS VPN with IP for site-to-site routing creates an overhead. Network scalability, on-demand routing control, and security, convergence, etc, still remains a challenge. JLP and LCP in cloud based MPLS-VPN are yet to be investigated. For the enormous 19.2 Tbps bandwidth available in Nigeria, without creating an optimal infrastructure for QoS maximization particularly in the overall bandwidth intensive cloud environment, this will amount to economic wastes. The main aim of this research is to characterize a cloud based VPN using IP tunneling. This can be applied cloud computing Infrastructure as a Service (IaaS) offering.
Fig. 1a. Elements of L3VPN [2]
The remainder of the paper is organized as follows. Section II presents related works. Section III illustrates the complex system formulation and the cloud VPN-IP model. Section IV presented the system analysis and simulation. Section V presents the results from the simulation study. Section VI highlighted the VPN_IP tunnel challenges. Section VII focused on the research discussions particularly on MPLS Layer 3VPN. Section VIII concludes the work with future work. II.
RELATED WORKS
In [1], Virtual Private Networks (VPNs) was designed with Multi Protocol Label Switching (MPLS) and justified the popularity of layer 3 MPLS VPNs. In [3], SMART IDS was proposed as security architecture for secure transactions in VPN environments. In the work, VPN configurations were derived and used for satisfactory simulation whose results focused on SMART Network Security System (SNSS) branch node throughputs, TCP traffic behavior. In [6], a functional differentiation between Layer 2 and Layer 3 VPN in MPLS designs was established. Existing works on VPN-IP has tilted to MPLS traffic engineering [7], [8], [9] which enables an MPLS backbone to replicate and expand traffic engineering capabilities of Layer 2 ATM, and Frame Relay networks. An outline of functional devices that could be used for Layer 3 IP VPN (L3VPN) support is presented in [12]. This work observes that traffic engineering involving JLP and LCP have not been explored in VPN-IP networks. These are essential for localized service providers and Internet service provider (ISP) backbones. In this case, the backbone can
Fig.1b. MPLS-VPN Routing [1]. With MPLS-VPN in Fig.1a, b, this enables efficient utilization of provisioned networks to meet future growth and rapid fault correction of link and node failure. MPLS technology helps to deliver highly scalable, differentiated end-to-end IP services with simpler configuration, management, and provisioning. By leveraging wholly owned submarine optic fiber cable, enterprises using MPLS technology can offer dedicated high speed internet services with exceptional uptime. It can allow customers with locations spread around Nigeria to connect and transfer data in a fast and secure way over a reliable and robust MPLS network [4],[5]. The nationwide MPLS infrastructure for cloud services when fully utilized can offer unparalleled connectivity across enterprises in Nigeria. For multi-site organizations with branches nationwide, requiring a secure, stable and fast means of sending, accessing and sharing large amounts of data, making voice calls and setting up multimedia applications in 31
2017 IEEE 3rd International Conference on Electro-Technology for National Development (NIGERCON)
support efficient use of transmission capacity. Network resilience is prominent since the network can withstand link or node failures. III.
with the connecting nodes to the HQ core. The interest is in the optimal mapping of IP tunnel which minimizes the access connecting cost (i.e., the cost of the subnet access network to the HQ core network connectivity) and the sub branch node placement cost. It also includes the cost of connecting HQ core network nodes. A group of IP routers may be clustered to connect to another subnet cluster of IP networks through a VPN/MPLS based network in which a designated (set) sites for MPLS nodes are available. In context, the issue is which IP router/switch should be dedicated as core MPLS switch so that access IP tunneling as well as interconnection cost between the ingress and egress switches is reduced or minimized. As such, the IP tunnel routers in a cluster is used as an access network domain or node edge customer devices, and the VPN/MPLS switch network as the core network for HQ. In the architecture, VPN IP routing protocols have the ability to dynamically summarize the routing information.
COMPLEX SYSTEM FORMULATIONS
Various locations exist in a non-MPLS aware function such as customer premises (customer edge), subscriber provisioning edge (provider edge), and subscriber provisioning core (provider). The emphasis of this paper is on the VPN customer edges with IP tunneling. Frame Relay- Data link connection identifier (DLCI), Ethernet and VLAN interfacing can be used in L2VPN. For L3VPN, EIGRP and OSPF are used for IP tunnel traffic engineering. However, the major optimization problems in VPN-IP tunneling as well as MPLS VPN are presented below. A. VPN_MPLS Joint Node Location Problem From Fig.1, for nodes in the sub-branches (g1, g2, g3 g4,....gn+1) to connect HQ area, the nodes must be connected in the core to form a complex network. There is a link cost associated
Fig.1. Architecture for VPN-IP Tunneling.
Using IP summarization, the route table smartly updates all the routers. The flow between routers is greatly reduced thereby saving bandwidth, router memory and router CPU utilization. A characterization of the design model resolution (CASE_1) is discussed below. Considering Fig.1, at level one, every site is a feasible candidate site for node device location. Consider that these are N sites (sub-branches) to be connected in which are gateway locations to be selected. Let the cost of connecting sitei to sitej be given by and the cost of locationj, if opened is . Let be the maximum number of terminations that can be handles at locationj.
Now, let’s introduce two sets of variables, where denotes the decision variable which takes the value 1 if sitei is to be connected to sitej (0, otherwise), and is the decision variable that indicates the opening of sitej, etc. Assuming that there exists a symmetry on the connectivity cost, i.e., = ; this implies that is indifferent from . As such, the problem is confined to i and j which are diagonal or upper diagonal, i.e., ≤ with , = 1,2,......,N. If site i is the access site with subnet nodes (customer premises CP device), then it is required that it be connected to exactly one node device site. This is related as follows: ∑ = 1, for any access site i. This is also given as 32
2017 IEEE 3rd International Conference on Electro-Technology for National Development (NIGERCON)
∑ ∑
≥ 1, for any access site i. ≤ 1, for any access site i.
IP VPN tunnel: Node location and Link Connectivity. Indices , = 1,2, 3……..N sites to be connected. Constants P=Number of switch locations (P Discrete Event Tables. All remote sites other than the No_Tunnels site can ping the HQ site. The External site can reach the External machine in HQ because a single routing protocol (EIGRP and OSPF) is being run along all the intermediate links respectively. The external site, GRE and IP-IP sites are connected via the tunnels. The hop information for the ping request from the External site contains all the hops in the Internet, whereas the hop information for the requests from GRE and IP-IP site do not contain any Internet hops. This is because the ping packets are encapsulated when they are sent over the tunnel. This reachability ping result is shown in Fig. 2, 3, 4, via the result browser.
B. Design Configuration In this section, the network design setup is presented taking cognizance of the optimization problems previously established. Tunnels are configured as logical interfaces on the CE routers. These interfaces are configured on the attribute IP routing parameters -> tunnel interfaces. The attributes include tunnel name, address, source, destination, mode etc. In the design, all the tunnels present in the network is visualized by going to the "View" menu and clicking on "Visualize Protocol Configuration -> IP Tunnel Configuration" of the modeler. In this paper, the VPN-IP network backbone is used core of the three layer hierarchical model shown in Fig.1. The backbone comprises the following: i. VPN_IP_HQ: This is the headquarters site. Internally, it uses private IP addresses and runs OSPF. It is connected to the Internet via an interface with a public IP address that runs EIGRP. It also contains another router (External) that has an external IP address and runs EIGRP. ii. VPN_GRE: This is a remote VPN site. Its configuration is similar to the HQ. It is 34
2017 IEEE 3rd International Conference on Electro-Technology for National Development (NIGERCON)
Fig. 2a. VPN_IP Ping report for External enterprise network at 100secs.
Fig. 2b. VPN_IP Ping report for External enterprise network at 1904secs.
Fig. 3a. VPN_IP Ping report for GRE network at 100secs.
35
2017 IEEE 3rd International Conference on Electro-Technology for National Development (NIGERCON)
Fig. 3b. VPN_IP Ping report for GRE network at 1904secs.
Fig. 4a. VPN_IP Ping report for IP-IP network at 100secs.
Fig. 4b. VPN_IP Ping report for IP-IP network at 1904secs.
Tunnel connectivity is not lost due to changes in the physical topology, as long as the tunnel destination is reachable. The success of the second ping request at 1904 seconds (after failure of Internet.node_1) demonstrates this fact in all the scenarios.
show the delay and delay variation for packets traversing the GRE tunnels from the GRE subnet to the HQ subnet.
B. Delay Observation From the tunnel statistics on three VPN IP gateways, it can be seen that the delay and jitter have also not increased much due to the failure of the primary route. But tunnel end-to-end delay and delay variation are studied via its statistics. These statistics are valid for explicit traffic only. The saved graphs 36
2017 IEEE 3rd International Conference on Electro-Technology for National Development (NIGERCON)
Fig. 5a. End to End delay.
Fig. 5b. Delay Variation.
Fig. 5c. Combined Delay Variation and ETE delay 37
2017 IEEE 3rd International Conference on Electro-Technology for National Development (NIGERCON)
packet sent over a GRE tunnel has an overhead of 24 bytes (4 byte GRE header + 20 byte outer IP header). Since the traffic used in this scenario is voice traffic, which is made up of small sized packets, the percentage overhead is very high. If data traffic such as FTP is being sent, then the percentage overhead will not be as high. It is to be noted that the effects of overhead can be seen only on explicit traffic
C. Throughput Overhead Due to Tunnels The throughput on the links connecting GRE, IP-IP and External sites to the Internet (due to IP traffic) have been plotted and saved in the analysis configuration panels. These graphs illustrate the overhead incurred due to the use of tunnels. Even though the traffic sent in packets/sec is the same on all three links, there is a considerable difference in the bits/sec statistic. Each packet sent on an IP-IP tunnel has an overhead of 20 bytes due to the extra IP header added. Each
Fig. 5a. Throughput in Packets/Secs.
Fig. 5b. Throughput in Bits/Secs.
reflected in this statistic. Lower utilization is shown under lesser traffic workload. This will usually increase with additional traffic workload.
D. Available Tunnel Resource Utilization Traffic traversing a tunnel interface leads to resource utilization which can be measured using the new statistics defined for tunnel interfaces. Fig.6 shows a typical enterprise utilization statistics are present under the IP Tunnel category. Explicit traffic and background flows are 38
2017 IEEE 3rd International Conference on Electro-Technology for National Development (NIGERCON)
Fig. 6. VPN-IP Tunnel Resource Utilization.
From the results obtained so far, it obvious that IP tunnels can be used for various purposes, such as: i. Constructing VPNs between different sites of an enterprise over the Internet ii. Encapsulating and sending IPv6 data over IPv4 networks iii. These tunnels can be used to connect two sites or more with private IP addresses over a public IP network. Tunnel interfaces are capable of running routing protocols to seamlessly route private data traffic over the public domain after encapsulation.
routing protocols, the convergence time is reduced in classical MPLS network compared with VPN IP tunnel. - Convergence Time From this work, the VPN IP routing calls with the smallest convergence times are proprietary routing protocols IGRP and EIGRP. But OSPF and ISIS routing networks follows a hierarchical design structure which has convergence issues. IP Convergence is the total time it takes a router to understand a topological network change, calculate the change within its routing table and then distribute the table to adjacent routers. The adjacent routers as well perform the exact functions. This convergence time depicts the total time it takes for the routers to begin use the newly computed route This time is very crucial for mission critical/time-sensitive traffic. If a router takes too long to detect, recalculate and then distribute the new route, the time-sensitive traffic may experience poor performance or the end nodes of the connection may then drop the packets. This is a major issue. Instances of long convergence time represent active failure to detect poor connections within a reasonable time frame. Poor connections such as line errors, high collision rates and others require some MPLS customization on the routers for capturing these types of issues promptly. - Traffic Priority Also, for mission critical scenarios, traffic prioritization constitutes a reliable policy-based routing that prioritizes the network traffic. This allows time sensitive and mission critical traffic to take precedence over throughput-sensitive type traffic. The selected routers employ three types of traffic prioritization. These are priority queuing, custom queuing and
VI. VPN_IP TURNNEL CHALLENGES Many factors affect the performance of the VPN_IP backbone. These factors include: Path optimization, traffic prioritization, load balancing, alternate paths, switched access, and encapsulation (tunneling). In essence, path optimization is a router function which occurs in the routing table created by the network layer protocols. When using VPN IP tunneling, each of the link state routing protocols calculates the optimal path from the information provided within the routing tables. The calculation is based on metrics such as, bandwidth, delay, load, and hops. When changes occur in the network, the routing tables are updated throughout all the routers within the network. The process of updating the routers tables and recalculating their optimal paths leads to convergence. With each new generation of IP 39
2017 IEEE 3rd International Conference on Electro-Technology for National Development (NIGERCON)
weighted-fair queuing in VPN IP Tunneling. This could affect the speed of performance in VPN IP tunneling. - Network Scalability VPN IP tunneling has issues of scaling or growing network with workload. This demands resources of the router hardware in most cases. These VPN IP routers need memory, CPU and sufficient bandwidth to adequately take care or service the network. It is observed that routing tables and network topology are housed in router memory. Route summarization strategy reduces the memory requirement/drains. Also, routing protocols in VPNs that use areas/domains in a hierarchical topology needs small areas in its network design instead of large areas in order reduce memory consumption and improve scalability. Besides, the computation of network routes is a CPU utilization and intensive process. With route summarization as well as leveraging link-state routing protocols, the CPU utilization is adequately reduced as a result of the reduction in the number of routes that needs re-computation. Bandwidth utilization on the VPN connections to respective routers determines network scalability as well as convergence time. With distance-vector IP routing protocols (DVIRP), (i.e., RIP and IGRP) that sends their routing tables at regular intervals, this type of updating mechanism wastes bandwidth, but protects the bandwidth from an excessive routing update load whenever there is a topological change in the network. This periodic update mechanism in DVRP, also leads to slow convergence time in stable networks. On the other hand, Link-state IP routing protocols (LSIRP) (i.e., OSPF and IS-IS) takes care of bandwidth wastage and slow convergence time. The thread off is LSIRP in VPNs are CPU intensive, requires enormous bandwidth and memory utilization during convergence. At steady state network (stable network), LSIRP use minimal network bandwidth. After bootup and initialization convergence, updates are advertised to neighbor routers (link state routers-LSR) only when there is a topological network change. Once, there is a recognized topological database change, the LSR will use the current update to flood the neighboring LSRs. The issue with this is that it may result in excessive load on the bandwidth, CPU and memory of each LSR. In this In a VPN-IP tunnel, convergence time is lower with LSIRP compared with DVIRP. VPN-MPLS seeks to provide better performance in this regard. - Security With LSIRP and DVIRP, minimal level of security is provided in the VPN IP tunnel. Filtering route advertisements and authentication are the major roles executed by both routing schemes. With filtration, these protocols can disable route advertisements to LSR neighbors, hence protecting some aspect of the network. Also, some of these protocols authenticate their LSR neighbors before even participating in routing table updates. This represents a very vulnerable form of security as it basically protects illegal/unwanted traffic connectivity from other networks using the same routing protocol. Against these backgrounds, VPN IP tunneling is obviously not suitable for large scale networks. An enhanced solution is
needed to improve the determined network parameters that define and affect the performance of MPLS in VPN. Quality of Service (QoS) in the secure network is needed. Traffic engineering in the MPLS-VPN network model is also needed in order to enhance the overall network design. VII. RESEARCH DISCUSSIONS ON MPLS LAYER 3 VPN In this paper, Layer 3 VPNs is proposed leveraging MPLS traffic engineering. Layer 3 MPLS VPN presents a trade-off between administrative deployment cost, stability, convergence security and transparency to end hosts. As the Internet converges towards everything-over-IP scheme, switch multiplexing can support the transport of IP packets. With L3VPNs which runs on Multi-Protocol Label Switching protocol (MPLS), this can address the demands of customers, providers, and vendors at all times. The essential features of MPLS-VPN solution in cloud service delivery include: Support for single or multi-site networking within VPN Facilitates predictable network and traffic performance It offers national and International fibre optic backbone It is available at all times regarding customer service. Multilingual helpdesk Supports online network performance monitoring tool VIII. CONCLUSION The usefulness of VPN-IP tunneling is usually disrupted by joint node location and link connection problems for efficient resource utilization. In this paper, the optimization problems have been formulated. Simulation implementation with Riverbed modeler showed the reachability response time for all the VPN sites. Tunnel end-to-end delay, delay variation, throughput and resource utilization metrics were presented. The challenges of VPN_IP backbone were discussed while advancing discussions on MPLS Layer 3 VPNs. This work advocates that the 19.2 Tbps capacity presently in Nigeria can only be harnessed with well planned traffic engineering with the MPLS Layer 3 VPN domain. However, there are vital features of MPLS VPN to consider when selecting its routing protocol. These have been identified to include: the network topology, addressing and route summarization, route selection, convergence, network scalability and security. In addition, a new routing algorithm for the optimization problems will satisfy following metrics (in determining the best route to a destination network) including: path length, reliability, delay bandwidth, loadand communication cost, optimality, simplicity, robustness, rapid convergence, and addressing and summarization. By enabling MPLS Layer 3 VPN traffic engineering (tunneling signaling) on the router, the resulting QoS will facilitate efficient bandwidth utilization, as well as CPU resource utilization. 40
2017 IEEE 3rd International Conference on Electro-Technology for National Development (NIGERCON) [4]
Rosen, E., and Rekhter, Y. BGP/MPLS IP Virtual Private Networks (VPNs). RFC 4364, 2006. [5] Rosen, E., Viswanathan, A., and Callon, R. Multiprotocol Label Switching Architecture. RFC 3031, 2001. [6] Ankur Dumka and Hadwari Lal Mandoria, “Difference between Layer 2 and Layer 3 VPN in MPLS”, IRACST - International Journal of Computer Science and Information Technology & Security (IJCSITS), Vol. 2, No.4, 2012.Pp.821-824. [7] Lan jun and Lin bi ying, 2011 International Conference on Mechatronic Science, Electric Engineering and Computer, “Research for Service Deployment Based on MPLS L3 VPN Technology“,August 19-22, 2011, Jilin, China page 1484- 1488. [8] Rahul Aggarwal, Juniper Networks, OAM Mechanisms in MPLS Layer 2 Transport Networks, IEEEcommunication magazine october 2004 , page 124-130. [9] Yoo-Hwa Kang, and Jong-Hyup Lee, “The Implementation of the Premium Services for MPLS IP VPNs”Advanced Communication Technology, 2005, ICACT 2005. The 7th International Conference on Volume: 2 Digital Object Identifier: 10.1109/ICACT.2005.246152 ,Publication Year: 2005 , Page(s): 1107 – 1110. [10] Cisco Application Note- Multiprotocol Label Switching VPN and Multi-Virtual Route Forwarding Support for the Cisco Integrated Services Routers Family of Access Routers, 2012. [11] RiverbedModeler Academic Edition 17.5 PL6:Available Online: https://splash.riverbed.com/community/product-lines/steelcentral/ university-support-center/blog/2014/06/11/riverbed-modeleracademicedition-release.
Future work will focus on cloud based MPLS-VPN networks as graph solution. A scenario based MPLS_VPNs_with_Static_Routes will be used to announce the customer edge (CE) routes into the Virtual Routing and Forwarding (VRFs). This allows a router to have multiple (virtual) routing tables, which are basically a separate virtual routing table for each network interface (either physical or logical). With this technique, mapping a CE to the correct VPN becomes very flexible and then makes for easy configuration of the corresponding interface within a specific VRF table. In the proposed system, an MPLS inner label literally identifies a VRF instance. In the scenario MPLS_VPNs_with_BGP, will be used as the provider edge customer edge (PE-CE) protocol. MTN Network Operating Center will be used for the study. The result of this research is still on-going while seeking to contribute to effective bandwidth utilization in Nigeria.
REFERENCES [1]
[2]
[3]
L. Cittadini, G. Di Battista, M. Patrignani, “MPLS Virtual Private Networks”, in H. Haddadi, O. Bonaventure (Eds.), Recent Advances in Networking, (2013), pp. 275-304. Paul Knight, and Chris Lewis, “Layer 2 and 3 Virtual Private Networks: Taxonomy, Technology, and Standardization Efforts”,IEEE Communications Magazine • June 2004, Pp.124-131 K.C. Okafor, C.C. Okezie, C.C. Udeze, N. Okwuelu (2013). SMART IDS: An Enhanced Network Security Model in IP-MPLS Based Virtual Private Network. Afr J. of Comp & ICTs. Vol 6, No. 3. Pp135- 146.
41
